Solved

Cisco 7960 VoIP behind ASA 5510 not recieving calls, but can make calls

Posted on 2010-11-15
4
1,715 Views
Last Modified: 2013-12-27
I have an interesting problem with our ASA 5510. We have a few Cisco 7960 VoIP phones which can make calls but are unable to receive calls after a few hours.

My thought was that the ASA was causing an issue with SYN/ACK messages coming from the phones and being denied due to no matching SYN and causing half open connections on the phones until the phone can no longer receive any new connections. I've seen this happen in the logs before.

this was "fixed" with:
service resetinbound interface outside
service resetinbound interface inside

However, I'm not seeing any denied SYN/ACK messages now and the phones are having this issue. The only way I know to temporarily resolve it is to re-enter the dynamic nat configuration, and then the phones begin to work again.

The phones are configured for SIP, and are using our ISPs IPBX to register.
[Phone]---->[ASA]-------->[ISP IPBX]

I've attached the ASA config. If anyone has any input on this, it will be greatly appreciated.


0
Comment
Question by:aaronhebert
  • 3
4 Comments
 

Assisted Solution

by:aaronhebert
aaronhebert earned 0 total points
Comment Utility
ran debug sip and found the following message

SIP::Unable to open pinhole for NOTIFY message from 192.168.26.20 to 192.168.26.20/50195
0
 

Expert Comment

by:kunalpatel
Comment Utility
Dont you have to run the phone-proxy for this to work ??

Check this out

https://supportforums.cisco.com/docs/DOC-5704

Cheers

Kunal
0
 

Accepted Solution

by:
aaronhebert earned 0 total points
Comment Utility
Found out that inspecting SIP on ASAs will cause this issue.

Resolution:
Do not inspect SIP. Perform QoS based on Expedited Forward value.

From the IP header:
Differentiated Services Field: 0xb8 (DSCP 0x2e: Expedited Forwarding; ECN: 0x00)

This problem exists because we use multiple VoIP vendors. Linksys and Cisco. Each use their own protocols. Cisco uses RTP over UDP, and Linksys uses straight UDP without any further encapsulation. matching for QoS by DSCP field has resolved this issue.
priority-queue outside

priority-queue inside

!

class-map global-voice-class

 match dscp ef

!

policy-map global-voice-policy

 class global-voice-class

  priority

!

service-policy global-voice-policy global

Open in new window

0
 

Author Closing Comment

by:aaronhebert
Comment Utility
issue resolved
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now